April 2022 saw the WordPress project and its ecosystem decisively move toward full site editing, harden plugin governance, and patch several high-risk security issues.
The month combined steady core development, major Gutenberg plugin milestones, and a fresh wave of plugin vulnerability disclosures, underlining the continuing importance of timely patching and responsible disclosure.
This report collects every significant development between April 1, 2022, and April 30, 2022, and cites primary sources for verification.
Mergers and Investments in Focus
No major mergers, acquisitions, or public venture investments specific to the WordPress core or the largest WordPress vendor brands were announced during April 2022. Instead, the community focused on product development and security remediation.
Analysts tracked later-quarter deals that fell outside April and noted that acquisition activity clustered in adjacent months. This means April was primarily a month of engineering and governance changes rather than consolidation by acquisition.
Core Development and Releases
WordPress maintenance and feature development continued on two parallel tracks in April 2022. The first track delivered a short-cycle maintenance release, and the second track advanced work on the next major release.
WordPress released maintenance update 5.9.3 on April 5, 2022. The release addressed a set of bug fixes in core and block editor and was flagged as a short-cycle maintenance release. Site operators were advised to update production sites where feasible.
The 6.0 development cycle moved forward with a formal beta cadence. WordPress 6.0 Beta 1 was published on April 12, 2022, followed by Beta 2 on April 19, 2022, and Beta 3 on April 26, 2022. The beta series was intended for testing on staging environments and to gather late feedback ahead of the scheduled May release.
The project communicated the roadmap and emphasized editor and theme improvements that would be merged into 6.0.
Other WordPress News
Gutenberg continued to be the focal point for feature work destined for core. Two Gutenberg plugin releases in April consolidated editor improvements that would ship in WordPress 6.0. Gutenberg 13.0 shipped on April 14, 2022, and delivered features such as multi-block text selection, improved responsive block behavior, and better exposure of block patterns.
Shortly after, Gutenberg 13.1 landed on April 27, 2022, adding practical refinements, including border support for the Columns block and several accessibility fixes. These plugin releases realigned the block editor with the 6.0 feature set.
The WordPress Plugin Review team introduced a controls change for the plugin directory on April 15, 2022. Featured and beta plugins require manual review to change ownership or add committers.
The rule aimed to reduce the attack surface from sudden maintainer changes and to prevent the high-profile featured set from being converted into premium upsell mechanisms without oversight. The change was explicitly justified as a security and trust measure.
The project also ran product walkthroughs and contributor-focused events. A public walkthrough of the 6.0 product plan attracted community members and served as a model for more frequent contributor-led tutorials and demos.
Plugin Flaws and Security Fixes
April 2022 was a high-intensity month for disclosed and patched plugin vulnerabilities. Security researchers and vendors published detailed advisories, and several patches were issued across widely installed extensions. The vulnerability landscape underscored the twin realities of WordPress scale and the speed at which attackers will attempt to weaponize unpatched flaws.
The most consequential patch addressed a critical remote code execution vulnerability in the Elementor website builder, assigned CVE 2022 1329. The vulnerability allowed authenticated attackers to exploit missing capability checks to upload and execute arbitrary files.
Elementor pushed a fix in version 3.6.3 in mid-April 2022, and the disclosure drew coordinated coverage from security vendors. Site owners were urged to update immediately.
Sucuri published a consolidated vulnerability roundup for April that listed various issues. The report called out broken access control in Advanced Custom Fields, patched in version 5.12.1, a critical options update vulnerability in Sitemap by click5, multiple SQL injection cases, such as in Photo Gallery and MapSVG, and several cross-site scripting vulnerabilities.
The roundup also reiterated the importance of updating core and plugin code and recommended virtual patching where updates were impossible.
Security researchers and vendors such as Wordfence, Patchstack, and WPScan documented disclosure timelines and patches. The ecosystem response to the Elementor flaw showed the disclosure process in action and highlighted responsible disclosure timelines and the need for vendors to respond rapidly to high-severity reports.
Trends Shaping the WordPress Landscape
April 2022 amplified themes that had accelerated since the late 2021 WordPress releases. Full Site Editing continued to transition from concept to practical reality. The Gutenberg release cadence, plus the 6.0 beta stream, made the split between block tooling and site tools clearer.
Contributors continued to invest in patterns, block responsiveness, and tools that help designers and site builders move away from legacy page builder models where appropriate.
Security and supply chain integrity emerged as a second major trend. The plugin directory controls introduced in April signaled a new emphasis on governance to manage the risk of ownership transfer to unknown parties.
Concurrently, the month-long wave of plugin fixes emphasized that security remains a running operational concern for hosting providers, agencies, and site owners.
Another practical trend was the growth of performance and site health tooling. The Performance Lab plugin and other measurement efforts continued to gain attention as contributors pushed for clearer telemetry and performance testbeds to justify platform changes.
The community also discussed WebP compatibility and front-end performance metrics as part of a broader drive to bake performance into core workflows.
Theme Spotlight: Twenty-Twenty-Two
Twenty Twenty Two was selected as the Theme of the Month for April 2022. It was the default block theme introduced to showcase full site editing patterns, templates, and global style variations.
The theme was a practical reference implementation for the new editing models being refined in Gutenberg and prepared for WordPress 6.0.
This made it an essential educational and development tool for designers, theme authors, and agencies adapting workflows to complete site editing.
Plugin Spotlight: All in One SEO
All in One SEO, commonly known as AIOSEO, is the Plugin of the Month. AIOSEO continued active development and maintenance through April 2022 and was notable for its large install base and frequent updates.
The AIOSEO project maintained an active changelog and continued to expand integrations and compatibility fixes relevant to the evolving WordPress core and PHP environment. The plugin remained a primary SEO toolkit for site owners and agencies managing indexing, sitemaps, schema, and redirects.
Agency Spotlight: Seahawk Media
Seahawk Media is Agency of the Month. Seahawk continued positioning itself as a WordPress-focused service marketplace and agency that provides white-label and managed services to hosts and partners.
The company publishes tutorials and maintains a portfolio and toolbox for hosting partners, agencies, and small to medium businesses. Seahawk also works with major vendors and hosts, reflecting the broader professionalization of WordPress services.
Host Spotlight: Bluehost
Bluehost is the Host of the Month. In April, the company published an editorial roundup focusing on the WordPress 6.0 beta series and community developments.
Bluehost is a longstanding WordPress-recommended host. It used its April editorial coverage to inform customers about the beta cadence and plugin governance changes. The host also continued to market its managed and WordPress-centric hosting plans and resources during the month.
Founder Spotlight: Benjamin Rojas
Benjamin Rojas was recognized as Founder of the Month. As the president and a visible leader at All in One SEO, Rojas was associated with product stewardship and a renewed focus on compatibility and developer experience at AIOSEO. His profile and leadership role were well documented on the AIOSEO site and in the plugin credits.
What to Expect in May 2022
The most anticipated milestone was WordPress 6.0, which was planned for general release on May 24, 2022. The April beta cadence prepared the project for release candidates and final translations in early May.
The community expected the final 6.0 release to bring consolidated editor improvements, additional site editor features, and a mature set of block patterns and theme tooling. Hosts, agencies, and plugin authors were advised to use April beta releases for compatibility testing and to stage updates for sites ahead of the production release.
Conclusion
April 2022 was a month of engineering milestones and security reminders. The WordPress project advanced its editor and theme capabilities through the Gutenberg releases and the 6.0 beta series. At the same time, the ecosystem was forced to react to critical security disclosures across several widely installed plugins.
The combined effect reinforced two practical priorities for site owners. The first is to plan for the new full site editing reality by testing themes and plugins against the beta stream. The second is maintaining an operational patching discipline and working closely with hosts and security tools to reduce exposure while updates are staged.